* David Howells (dhowells@redhat.com) wrote:> Patch 570b8fb505896e007fd3bb07573ba6640e51851d:> > Author: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>> Date: Tue Mar 30 00:04:00 2010 +0100> Subject: CRED: Fix memory leak in error handling> > attempts to fix a memory leak in the error handling by making the offending> return statement into a jump down to the bottom of the function where a> kfree(tgcred) is inserted.> > This is, however, incorrect, as it does a kfree() after doing put_cred() if> security_prepare_creds() fails. That will result in a double free if 'error'> is jumped to as put_cred() will also attempt to free the new tgcred record by> virtue of it being pointed to by the new cred record.

OK, I missed the fact taht put_cred() performs the kfree. Thanks for the fix.